Commit Graph

35544 Commits (dc3f1c84ed9d07460bc4dd849d91dd0afe9a3b8c)

Author SHA1 Message Date
Daniel Jensen bdd90655e4 Split off privesc into a seperate module 2015-09-16 23:11:32 +12:00
HD Moore ef043cebc3 Always use the stringified host->address during export 2015-09-16 02:59:11 -07:00
wchen-r7 63bb0cd0ec Add Android Mercury Browser Intent URI Scheme & Traversal 2015-09-16 00:48:57 -05:00
jvazquez-r7 2c9734f178
Add exploit source 2015-09-15 14:54:05 -05:00
jvazquez-r7 4d05c75a8e
Add a bunch of rop chains 2015-09-15 14:47:55 -05:00
jvazquez-r7 24af3fa12e
Add rop chains 2015-09-15 14:46:45 -05:00
Mo Sadek e911d60195
Land #5967, nil bug fix in SSO gather module 2015-09-15 10:25:50 -05:00
HD Moore b3f754136e Skip WfsDelay when the exploit has clearly failed 2015-09-15 08:04:23 -07:00
William Vu abe65cd400
Land #5974, java_jmx_server start order fix 2015-09-15 01:33:44 -05:00
xistence c99444a52e ManageEngine EventLog Analyzer Remote Code Execution 2015-09-15 07:29:16 +07:00
xistence 7bf2f158c4 ManageEngine OpManager Remote Code Execution 2015-09-15 07:24:32 +07:00
wchen-r7 cda102f07a
Land #5977, Ignore SMB exceptions during fingerprinting 2015-09-14 15:18:36 -05:00
HD Moore 713ded7ca2 Ignore SMB exceptions during fingerprinting
This fixes smb_version in cases where the remote server throws a Login error
for the default creds (null session).
2015-09-14 09:35:44 -07:00
Christian Mehlmauer 8ffcdbb3fd
Land #5971, MS15-100 Win Media Center MCL Vuln 2015-09-13 16:59:06 +02:00
wchen-r7 ae5aa8f542 No FILE_CONTENTS option 2015-09-12 23:32:02 -05:00
Daniel Jensen 4e22fce7ef Switched to using Rex MD5 function 2015-09-13 16:23:23 +12:00
xistence 0657fdbaa7 Replaced RPORT 2015-09-13 09:19:05 +07:00
xistence 521636a016 Small changes 2015-09-13 08:31:19 +07:00
jvazquez-r7 0d52a0617c
Verify win32k 6.3.9600.17837 is working 2015-09-12 15:27:50 -05:00
jvazquez-r7 9626596f85
Clean template code 2015-09-12 13:43:05 -05:00
Hans-Martin Münch (h0ng10) 0c4604734e Webserver starts at the beginning, stops at the end 2015-09-12 19:42:31 +02:00
xistence 79e3a7f84b Portmap amplification scanner 2015-09-12 16:25:06 +07:00
wchen-r7 eb018f3d29 No 7zip 2015-09-12 03:07:15 -05:00
jvazquez-r7 ad0140e0fc
Land #5864, @jlee-r7's fixes x64 injection 2015-09-11 16:09:37 -05:00
wchen-r7 01053095f9 Add MS15-100 Microsoft Windows Media Center MCL Vulnerability 2015-09-11 15:05:06 -05:00
William Vu 5f9f66cc1f Fix nil bug in SSO gather module 2015-09-11 02:21:01 -05:00
William Vu a1a7471154
Land #5949, is_root? for remove_lock_root 2015-09-11 02:09:14 -05:00
wchen-r7 f2ccca97e0 Move require 'msf/core/post/android' to post.rb 2015-09-11 01:56:21 -05:00
jvazquez-r7 53f995b9c3
Do first prototype 2015-09-10 19:35:26 -05:00
wchen-r7 017832be88
Land #5953, Add Bolt CMS File Upload Vulnerability 2015-09-10 18:29:13 -05:00
wchen-r7 602a12a1af typo 2015-09-10 18:28:42 -05:00
wchen-r7 94aea34d5b
Land #5965, Show the Shodan error message if no result are found 2015-09-10 17:39:25 -05:00
William Vu 86b9535a50
Land #5944, Nmap parser open|filtered -> unknown 2015-09-10 16:37:42 -05:00
William Vu db7e444ec3
Land #5955, .mailmap cleanup 2015-09-10 16:29:06 -05:00
William Vu 50643c5a8b
Land #5964, Meterpreter for OS X post modules 2015-09-10 16:26:40 -05:00
HD Moore cddf72cd57 Show errors when no results are found 2015-09-10 14:05:40 -07:00
wchen-r7 90ef9c11c9 Support meterpreter for OS X post modules 2015-09-10 15:57:43 -05:00
Roberto Soares 68521da2ce Fix check method. 2015-09-10 04:40:12 -03:00
wchen-r7 5480886927 Do absolute path 2015-09-09 22:00:35 -05:00
wchen-r7 ab1d61d80b Add MSU extractor
If you do patch test/analysis/diffing, you might find this tool
handy. This tool will automatically extract all the *.msu files,
and then you can search for the patched files you're looking for
quickly.

The workflow would be something like this:

1. You download the patches from:
   http://mybulletins.technet.microsoft.com/BulletinPages/Dashboard

2. You put all the *.msu files in one directory.

3. Run this tool: extract_msu.bat [path to *.msu files]

4. The tool should extract the updates. After it's done, you can
   use Windows to search for the file(s) you're looking for.
2015-09-09 21:34:07 -05:00
Roberto Soares 0ba03f7a06 Fix words. 2015-09-09 21:27:57 -03:00
Roberto Soares bc3f5b43ab Removerd WordPress mixin. 2015-09-09 21:26:15 -03:00
James Lee ec3aecbc9d
Land #5958, fix VulnAttempt creation
MSP-13233

Still needs styleguide cleanup.
2015-09-09 18:31:40 -05:00
Fernando Arias 0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)
MSP-13234
2015-09-09 13:21:05 -05:00
Fernando Arias e88a14aee6
Rework exception handler for exploit simple
MSP-13233
2015-09-09 11:51:18 -05:00
Roberto Soares d3aa61d6a0 Move bolt_file_upload.rb to exploits/multi/http 2015-09-09 13:41:44 -03:00
James Lee 439e65aab9
Clean up .mailmap
Addresses without names cover all names for that address.
2015-09-09 08:42:15 -05:00
Roberto Soares 2800ecae07 Fix alignment. 2015-09-09 01:21:08 -03:00
Roberto Soares 48bd2c72a0 Add fail_with method and other improvements 2015-09-09 01:11:35 -03:00
Roberto Soares f08cf97224 Check method implemented 2015-09-08 23:54:20 -03:00